Layer7 API Management

  • 1.  CA OTK 3.4, how to save resource owner with the access token?

    Posted Sep 05, 2016 09:52 PM

    Hey, we are using CA OTK 3.4 and are trying the authorization code grant flow. If we are using external logon service, how can we associate the resource owner to the access token?


    For example, on calling the authorize endpoint, the flow will be redirected to our own external logon service, where our member abc can be authenticated with their credentials. Some security cookie will also be generated to show that the member is already authenticated. Once the access token is generated by the authorize call, is there a way for OTK to associate the member abc, who is also the resource owner, with the access token? It seems that now the access token is saved with the test client in the token store and it will be overwritten with new access tokens.


    Can we use the l7otk2a cookie to add the resource owner, and save the access token with the resource owner?


    Thanks for your help!



  • 2.  Re: CA OTK 3.4, how to save resource owner with the access token?
    Best Answer

    Posted Sep 06, 2016 12:47 PM

    Hello!

    By default OTK always associates the resource_owner, who granted the request, with the access_token. In regards to the cookie, in OTK 3.4 you should find a checkbox "Keep me logged in" on the login/grant page of the default authorization server page. That checkbox sets the referenced cookie, which is then used to extract the resource_owner's name. The resource_owner needs to be authenticated within OTK once before, though.

    If you are using an external login service and want to leverage that cookie, the policy 'OTK User Authentication' has to be modified in such a way that the cookie can be validated against the external server. That server then has to return the username.

    Another option is to upgrade to OTK-3.5 which makes it easy to integrate. Here is a blog post about that: http://tinyurl.com/zqtuch7

    I hope this helps!
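    As an added illustration of the approach described in the answer (this is example code, not OTK's own policy or code): a minimal authorization-code flow in which the authorization endpoint validates the login cookie against the external service, that service returns the username, and the username is stored with the authorization code and then with the access token, so each token carries its own resource owner. The class and method names (ExternalLoginService, AuthorizationServer, validate, resource_owner_of) and the HMAC-signed cookie format are hypothetical.

```python
import hashlib, hmac, secrets


class ExternalLoginService:
    """Stand-in for the external logon service (hypothetical); only it can
    map a security cookie back to the member it authenticated."""
    def __init__(self, secret: bytes):
        self._secret = secret
        self._sessions = {}          # session id -> username (constructed)
    def _sign(self, sid: str) -> str:
        return hmac.new(self._secret, sid.encode(), hashlib.sha256).hexdigest()
    def login(self, username: str) -> str:
        """Authenticate the member and return a signed session cookie."""
        sid = secrets.token_urlsafe(16)
        self._sessions[sid] = username
        return f"{sid}.{self._sign(sid)}"
    def validate(self, cookie: str):
        """Return the username behind the cookie, or None if it is not ours."""
        sid, _, sig = cookie.rpartition(".")
        if not hmac.compare_digest(sig, self._sign(sid)):
            return None
        return self._sessions.get(sid)


class AuthorizationServer:
    """Authorization code grant that delegates login to the external service
    and binds the returned resource owner to the code and then to the token."""
    def __init__(self, login_service: ExternalLoginService):
        self._login = login_service
        self._codes = {}             # code -> {client_id, resource_owner}
        self._tokens = {}            # access token -> {client_id, resource_owner}
    def authorize(self, client_id: str, cookie: str) -> str:
        # User-authentication step: the cookie is validated by the external
        # server, which returns the username; the cookie itself is not trusted.
        owner = self._login.validate(cookie)
        if owner is None:
            raise PermissionError("not authenticated: redirect to external login")
        code = secrets.token_urlsafe(16)
        self._codes[code] = {"client_id": client_id, "resource_owner": owner}
        return code
    def token(self, client_id: str, code: str) -> str:
        grant = self._codes.pop(code, None)  # authorization codes are single use
        if grant is None or grant["client_id"] != client_id:
            raise PermissionError("invalid_grant")
        token = secrets.token_urlsafe(24)
        self._tokens[token] = grant          # every token keeps its own owner
        return token
    def resource_owner_of(self, token: str) -> str:
        return self._tokens[token]["resource_owner"]
```

    Two members logging in through the external service and authorizing the same client end up with two separate tokens, each resolving to its own owner, and a tampered cookie or a reused code is rejected before any token is issued.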